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Abstract 

Explicit  modal  logic  was  first  sketched  by  Godel  in  [19]  as  the  logic  with  the  atoms 
15  a  proof  of  F’ .  The  complete  axiomatization  of  the  Logic  of  Proofs  CP  was  found  in 
[4]  (see  also  [6], [7], [21]).  In  this  paper  we  establish  a  sort  of  a  functional  completeness 
property  of  proof  polynomials  which  constitute  the  system  of  proof  terms  in  CP,  Proof 
polynomials  are  built  from  variables  and  constants  by  three  operations  on  proofs: 
(application),  “I”  (proof  checker),  and  (choice).  Here  constants  stand  for  canonical 
proofs  of  “simple  facts” ,  namely  instances  of  propositional  axioms  and  axioms  of  CP  in  a 
given  proof  system.  We  show  that  every  operation  on  proofs  that  (i)  can  be  specified  in 
a  propositional  modal  language  and  (ii)  is  invariant  with  respect  to  the  choice  of  a  proof 
system  is  realized  by  a  proof  polynomial. 


Introduction 

The  intended  meaning  of  the  intuitionistic  logic  was  informally  explained  first  in  terms  of 
operations  on  proofs  due  to  Brouwer,  Heyting  and  Kolmogorov  (cf.  [47], [48], [13]).  This 
interpretation  is  widely  known  as  the  BHK  semantics  of  intuitionistic  logic.  However,  despite 
some  similarities  in  the  informal  description  of  the  functions  assigned  to  the  intuitionistic 
connective,  the  Heyting  semantics  and  the  Kolmogorov  semantics  have  fundamentally  different 
objectives-  The  Heyting  semantics  explaines  intuitionistic  logic  in  terms  of  an  undefined  notion 
of  intuitionistic  proof.  The  Kolmogorov  interpretation  of  Xnt  as  a  calculus  of  problems  [24], 
along  with  the  related  papers  by  Godel  [18], [19]  intended  to  interpret  Xnt  on  the  basis  of 
classical  proofs,  thus  providing  an  independent  definition  of  intuitionistic  logic  within  the 
classical  mathematics. 

•Technical  Report  CFIS  99-02,  Cornell  University.  Accepted  for  publication  in  the  volume  Advances  in 
Modal  Logic,  II. 

' Department  of  Mathematics,  Cornell  University,  email: artemovOmath.comell.edu  and  Moscow  Univer¬ 
sity,  Russia.  The  research  described  in  this  paper  was  supported  in  part  by  ARO  under  the  MURI  program 
“Integrated  Approach  to  Intelligent  Systems”,  grant  D A AH04-96- 1-0341,  and  by  DARPA  under  program  LPE, 
project  34145- 
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BHK  semantics  gave  rise  to  intensive  studies  of  constructive  semantics  for  intuitionistic 
theories,  first  of  all  realizability.  The  basic  notions  of  realizability  were  defined  along  the  lines 
of  BHK  clauses  with  different  constructive  objects  instead  of  proofs:  computable  functions 
and  their  codes  (e.g.  in  [22], [23]),  computable  operations  of  higher  types  (e.g.  in  [27]),  partial 
recursive  operations  (e.g.  in  [15], [16]),  etc.  For  the  references  one  may  consult  recent  surveys 
on  realizability  and  constructive  semantics  [8], [49]. 

Note  that  the  standard  realizability  does  not  provide  an  adequate  semantics  for  Int. 
First  of  all,  following  Kleene  ([22])  one  should  distinguish  between  intuitionistic  and  classical 
understanding  of  realizability  semantics  for  intuitionistic  theories.  Intuitionistic  realizability 
enjoys  some  nice  completeness  properties  but  does  not  provide  an  independent  semantics  for 
Int.  For  example,  as  follows  from  [40],  a  formula  F  is  provable  in  intuitionistic  predicate 
logic  iff  all  arithmetical  instances  of  F  are  provably  realizable  in  a  certain  extension  HA"^  of 
intuitionistic  arithmetic.  Such  a  result  relates  Int  with  a  formal  theory  based  on  the  same 
Int  and  thus  is  not  intended  to  give  an  independent  semantics  for  the  latter.  On  the  other 
hand,  classical  realizabilities  (Kleene  realizability  [22],  function  realizability  [23],  modified 
realizability  [27],  Medvedev’s  calculus  of  finite  problems  [34]  and  its  variants),  give  conditions 
necessary  but  not  sufficient  for  Int(cf.[13],[49],[50],[51]).  Each  of  them  realizes  some  formulas 
not  derivable  in  Int.  A  formalization  of  the  BHK  semantics  suggested  by  Kreisel  in  [26]  also 
did  not  provide  an  adequate  model  for  intuitionistic  logic  (cf.  [52],  [41]).  For  more  discussion 
on  realizability  semantics  for  Int  see  [49]. 

In  1933  Godel  ([18])  defined  Int  on  the  basis  of  the  notion  of  proof  in  a  classical  math¬ 
ematical  system,  reminiscent  to  the  one  from  the  classical  BHK  semantics.  Namely,  Godel 
introduced  the  logic  of  provability  (coinciding  with  the  modal  logic  «^)  and  constructed  an 
embedding  of  Int  into  «S4.  In  [18]  no  formal  provability  semantics  for  was  suggested.  More¬ 
over,  Godel  noticed  that  the  straightforward  interpretation  of  OF  as  the  arithmetical  formula 
Provable{F) 

“there  exists  a  number  x  which  is  the  code  of  a  proof  of  F”. 
was  incompatible  with  (cf.[10],[ll]). 

Let  us  consider,  for  example,  the  first  order  arithmetic  VA.  If  J.  is  the  boolean 
constant  false,  then  the  ^axiom  OX  X  becomes  a  statement  Consis  VA,  ex¬ 
pressing  the  consistency  of  VA.  By  necessitation,  <54  derives  □(□X-^  X).  The 
latter  formula  expresses  the  assertion  that  Consis  VA  is  provable  in  VA,  which 
contradicts  the  second  Godel  incompleteness  theorem. 

The  issue  of  a  provability  model  for  54  was  studied  by  Godel  [19],  Lemmon  [31],  Myhill 
[38], [39],  Kripke  [28],  Montague  [37],  Mints  [36],  Kuznetsov  &  Muravitskii  [30],  Goldblatt 
[20],  Boolos  [10], [11]  Shapiro  [42], [43],  Buss  [12],  Artemov  [1],  and  many  others.  However,  the 
problem  of  a  formal  provability  semantics  for  ^  has  remained  open. 
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A  principal  difficulty  here  is  caused  by  the  existential  quantifier  over  proofs  in  Provable  {F). 
Indeed,  the  interpretation  of  the  formula  □(OF  — »-F)  is 

‘it  is  provable  that  “Provable{F)  implies  F”  ’ 

Provability  in  VA  can  be  characterized  as  “true  in  all  models  of  VA”,  including  the  non¬ 
standard  ones.  In  a  given  model  of  PA  an  element  that  instantiates  the  variable  x  from  the 
existential  quantifier  for  the  code  of  a  proof  of  F  in  Provable[F)  may  be  nonstandard.  In 
such  a  case  Provable{F)  is  true  in  this  model,  but  there  is  no  “real”  FA-derivation  behind 
such  an  x.  So,  PA  is  not  able  to  conclude  that  F  is  true  from  Provable{F)  is  true  since  the 
latter  formula  does  not  necessarily  deliver  a  proof  of  F. 

This  consideration  suggests  replacing  the  provability  formula  Provable{F)  by  the  formula 
for  proofs  Proof(t,F)  and  the  existential  quantifier  on  proofs  in  the  former  by  Skolem  style 
operations  on  proofs  in  the  latter.  Such  a  conversion  would  help  to  avoid  evaluation  of  proofs 
by  nonstandard  numbers. 

The  problem  of  finding  the  logic  which  accommodates  the  atoms  t  is  a  proof  of  F  (the  logic 
of  proofs)  has  met  considerable  technical  difficulties.  The  usual  Skolem  methods  of  converting 
quantifiers  into  functions  do  not  apply  here,  since  there  are  no  universal  laws  of  commutation 
of  the  provability  operator  with  the  quantifiers.  In  order  to  find  the  logic  of  proofs  one  has  to 
address  the  issue  of  an  appropriate  set  of  proof  terms  t  first.  In  particular,  we  have  to  figure 
out  what  operations  on  proofs  are  needed  to  express  all  logical  laws  of  provability.  Some  of 
these  operations  come  from  the  proof  of  Godel’s  second  incompleteness  theorem.  Within  that 
proof  it  was  established  that 

PA  H  Provable {F  — ^  G)  A  Provable{F)  Provable{G). 

This  formula  is  a  ‘Torgetful”  version  of  the  following  theorem. 

For  some  computable  function  m(x,y) 

PA  f-  Proof  {s,  F-^G)  A  Proof  {t,  F)  Proof  {m{s,  t),G). 

A  similar  decoding  can  be  done  for  another  lemma  from  Godel’s  second  incompleteness  the¬ 
orem  PA  H  Provable{F)  — »■  Provable(Provable{F)) . 

For  some  computable  function  c(x) 

PA  I-  Proof  {t,  F)  Proof  {c{t),  Proof  {t,  F)). 

In  his  Lecture  at  Zilsel’s,  1938,  (published  in  1995  in  [19],  see  also  [41])  Godel  sketched  a 
constructive  version  of  with  the  basic  propositions  “t  is  a  proof  of  F”  and  operations  similar 
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to  m{x,y)  and  c{x).  This  Godel’s  suggestion  in  principle  suffices  to  justify  the  reflexivity 
principle  along  with  the  necessitation  rule.  However,  the  questions  about  a  complete  set  of 
terms  and  axioms  for  the  logic  of  proofs,  as  well  as  the  question  about  its  ability  to  realize 
the  entire  have  remained  unanswered.  It  turned  out  that  Godel’s  sketch  of  1938  lacks  the 
operation  without  which  a  realization  of  «S4  cannot  be  completed. 

The  complete  axiomatization  of  the  logic  of  proofs  CP  was  found  by  the  author  indepen¬ 
dently  of  Godel’s  paper  [19],  which  was  published  as  late  as  1995.  The  first  presentations  of 
CP  took  place  at  the  author’s  talks  at  the  conferences  in  Munster  and  Amsterdam  in  1994. 
Preliminary  versions  of  CP  appeared  in  Technical  Reports  [4],  [5],  [7],  cf.  also  the  survey  [21]. 
In  these  papers  the  a?dom  systems  for  CP  in  Hilbert,  Gentzen  and  natural  deduction  format 
were  found,  soundness  and  completeness  with  respect  to  the  standard  provability  semantics 
were  established.  It  was  also  discovered  that  given  54-derivation  of  a  modal  formula  F  one 
can  reveal  its  explicit  provability  meaning  by  assigning  proof  terms  to  the  modalities  in  such  a 
way  that  the  resulting  formula  F'"  in  the  CP  format  is  derivable  in  CP.  This  yields  a  positive 
solution  to  the  problem  of  finding  the  intended  provability  semantics  for  the  modal  logic  54. 
Since  Int  is  embedded  into  54  ,  for  example,  by  the  Godel  translation  (cf.  [18],  [48],  [13]), 
the  above  realization  of  54  in  simultaneously  provides  an  adequate  realization  of  Int  in 
CP.  Therefore,  CP  may  be  regarded  as  the  natural  formalization  of  the  classical  Brouwer- 
Heyting-Kolmogorov  semantics  for  the  intuitionistic  logic.  Intuitionistic  logic  Int  was  shown 
to  be  complete  with  respect  to  this  semantics  (this  was  implicitly  conjectured  by  Kolmogorov 
in  1932). 

In  CP  the  notion  term  t  is  a  proof  of  F  and  term  t  has  type  F  are  subsumed  by  the  basic 
CP  proposition  t:F.  Under  these  interpretations  CP  naturally  encompasses  combinatory  lo^c 
and  A-calculi  corresponding  to  intuitionistic  and  modal  logics.  In  addition,  CP  is  strictly  more 
expressive  because  it  admits  arbitrary  combinations  of  and  propositional  connectives.  By 
treating  uniformly,  CP  unifies  the  semantics  of  modality,  combinatory,  and  A-terms.  All 
these  objects  are  realized  as  proof  terms  in  CP. 

Gabbay’s  Labelled  Deductive  Systems  ([17])  may  serve  as  a  natural  framework  for  CP. 
Intuitionistic  Type  Theory  by  Martin-L6f  [32],  [33]  also  makes  use  of  the  format  t:F  with  its 
informal  provability  reading.  CP  may  also  be  regarded  as  a  basic  epistemic  logic  with  explicit 
justifications;  a  problem  of  finding  such  systems  was  raised  by  van  Benthem  in  [9]. 

In  this  paper  we  establish  some  sort  of  the  functional  completeness  property  of  the  system 
of  CP  proof  terms  (called  proof  polynomials).  We  show  that  every  operation  on  proofs  that 
(i)  can  be  specified  in  a  propositional  modal  language  and  (ii)  is  invariant  with  respect  to  the 
choice  of  a  proof  system  is  realized  by  a  proof  polynomial^.  This  theorem  justifies  the  choice 
of  the  set  of  proof  terms  for  CP  and  thus  CP  itself.  Along  with  the  completeness  theorem  for 
CP  and  the  theorem  about  the  realization  of  54  in  >CP  ([4],  [7])  this  demonstrates  that  CP  is 
indeed  the  logic  of  proofs  in  the  format  with  “t  is  a  proof  of  F”  and  54  is  indeed  the  modal 

^The  first  version  of  this  theorem  appeared  in  the  technical  report  [4]. 
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logic  of  explicit  provability.  In  other  words,  given  the  intended  provability  semantics  of  t:F 
and  OF  there  are  no  operations  on  proofs  other  than  proof  polynomials,  no  logical  principles 
of  proofs  other  than  derivable  in  CP  and  no  principles  of  provability  other  than  derivable  in 
Si. 

1  Logic  of  Proofs 

1.1  Definition.  The  language  of  Logic  of  Proofs  {CP)  contains 

the  usual  language  of  classical  propositional  logic 
proof  variables  xo, . . . ,  Xnj  •  •  •)  proof  constants  oq,  . . . ,  On?  •  •  • 
function  symbols:  monadic  !,  binary  •  and  + 
operator  symbol  of  the  type  “term  :  formula^. 

We  will  use  a,b,c,...  for  proof  constants,  u,  v,  w,  x,y,z,...  for  proof  variables,  i,  j,  k,  I,  m,  n 
for  natural  numbers.  Terms  are  defined  by  the  grammar 

p  ::=  Xi  I  a,-  |  Ip  \pi-P2\Pi+P2 

We  call  these  terms  proof  polynomials  and  denote  them  by  p,r,s,t. . ..  By  analogy  we  refer  to 
constants  as  coefficients.  Constants  correspond  to  proofs  of  a  finite  fixed  set  of  propositional 
schemas.  We  will  also  omit  •  whenever  it  is  safe.  We  also  assume  that  (a  •  6  •  c) ,  (o  •  6  •  c  •  d) , 
etc.  should  be  read  as  ((c  ^b)  -c),  (((a  •  6)  •  c)  •  d),  etc. 

Using  t  to  stand  for  any  term  and  S  for  any  propositional  letter,  the  formulas  are  defined 
by  the  grammar 

<r  ::=  5  I  <7i-^<T2  I  o’iA(T2  |  |  ->0  \  t:<T 

We  will  use  A,B,C,F,G,H,X,Y,Z  for  the  formulas  in  this  language,  and  P,  A, . . .  for  the 
finite  sets  (also  finite  multisets,  or  finite  lists)  of  formulas  unless  otherwise  explicitly  stated. 
We  will  also  use  x,  y,  z, . . .  and  p,f,s,...  for  vectors  of  proof  variables  and  proof  polynomials 
respectively.  If  s  =  (si, . . . ,  Sn)  and  T  =  (Fi, . . . ,  Fn),  then  s : F  denotes  (si :  Fi, . . . ,  Sn :  Fn), 
V  r  =  Fi  V  . . .  V  Fn,  /y  r  =  Fi  A . . .  A  F„.  We  assume  the  following  precedences  from  highest 
to  lowest:  A,  V,->.  We  will  use  the  symbol  =  in  different  situations,  both  formal 

and  informal.  Symbol  =  denotes  syntactical  identity,  ''E~'  is  the  Godel  number  of  E. 

The  intended  semantics  for  p:F  vs  “p  is  a  proof  of  F” ,  which  will  be  formalized  in  the 
next  section.  Note  that  proof  systems  which  provide  a  formal  semantics  for  p :  F  are  multi¬ 
conclusion  ones,  i.e.  p  may  be  a  proof  of  several  different  F‘s  (see  Comment  1.7). 


1.2  Definition.  The  system  CPq.  Axioms: 

AO.  Finite  set  of  axiom  schemes  of  classical  propositional  logic  in  the  language  of  CP 
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Al.  t:F  F 

A2.t:{F^G)  ->  (s:F->  (t-s):G) 

AS.  t:F  -4  lt:{t:F) 

A4.  siF  —¥  (s+f):F,  tiF — ^  {s-\-t).F 

Rule  of  inference: 

F-^G  F 

Rl.  G 


The  system  CP  is  CPq  plus  the  rule 


“verification” 
“application” 
“proof  checker” 
“choice” 


“modus  ponens”. 


R2.  c:A 

if  A  is  an  axiom  AO  -  Af,  and  c  a  proof  constant  “axiom  necessitation” . 

A  Constant  Specification  (CS ^  is  a  finite  set  of  formulas  ci :  Ai , . . . ,  Cn  :  An  such  that  c,-  is 
a  constant,  and  F  an  axiom  AO  -  A4.  Each  derivation  in  CP  naturally  generates  the  CS 
consisting  of  all  formulas  introduced  in  this  derivation  by  the  necessitation  rule. 

1.3  Comment.  Proof  constants  in  CP  stand  for  proofs  of  “simple  facts”,  namely  propo¬ 
sitional  adorns  and  axioms  Al  -  A4.  In  a  way  the  proof  constants  resemble  atomic  con¬ 
stant  terms  {combinators)  of  typed  combinatory  logic  (cf.  [48]).  A  constant  Ci  specified  as 
Cl  :  (A  -4  (B  -4  A))  can  be  identified  with  the  combinator  of  the  type  A  -4  (B  — 4  A). 
A  constant  C2  such  that  C2  :  [(A  -4  (B  -4  C))  -4  ((A  -4  B)  -4  (A  -4  C))]  corresponds  to  the 
combinator  of  the  type  (A-4(B-4C))  -4  ((A-4B)-4  (A-4C)).  The  proof  variables 

may  be  regarded  as  term  variables  of  combinatory  logic,  the  operation  as  the  application 
of  terms.  In  general  an  £P-formula  t :  F  can  be  read  as  a  combinatory  term  t  of  the  type 
F.  Typed  combinatory  logic  CL-4.  thus  corresponds  to  a  fragment  of  CP  consisting  only  of 
formulas  of  the  sort  t :  F  where  t  contains  no  operations  other  than  and  F  is  a  formula 
built  from  the  propositional  letters  by  “-4”  only. 

There  is  no  restriction  on  the  choice  of  a  constant  c  in  R2  within  a  given  derivation.  In 
particular,  R2  allows  to  introduce  a  formula  c :  A(c),  or  to  specify  a  constant  several  times 
as  a  proof  of  different  axioms  from  AO  -  A4.  One  might  restrict  CP  to  injective  constant 
specifications,  i.e.  only  allowing  each  constant  to  serve  as  a  proof  of  a  single  axiom  A  within  a 
given  derivation  (although  allowing  constructions  c:  A(c),  as  before).  Such  a  restriction  would 
not  change  the  ability  of  CP  to  emulate  classical  modal  logic,  or  the  functional  and  arithmetical 
completeness  theorems  for  CP  (below),  though  it  will  provoke  an  excessive  renaming  of  the 
constants. 

Both  CPo  and  CP  enjoy  the  deduction  theorem 

r,AI-B  =$►  ri-A-4B, 
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and  the  substitution  lemma:  IfT{x,P)  h  B{x,P)  for  a  propositional  variable  P  and  a  proof 
variable  x,  then  for  any  proof  polynomial  t  and  any  formula  F 

Tix/t,P/F)\-B{x/t,P/F). 

For  a  given  constant  specification  CS  under  jCPpS)  we  mean  CPo  plus  CS.  Obviously,  the 
following  three  statements  are  equivalent 

•  “F  is  derivable  in  CP  with  a  constant  specification  CS  ”, 

•  CPipS}\-F 

•  CPoh  /\CS-^F. 

1.4  Proposition.  (Lifting  lemma)  Given  a  derivation  V  of  the  type 

s:V,A\-jrp  F, 

one  can  construct  a  proof  polynomial  t(x,  ^  such  that 

s:T,y:Ah£p  t{s,y):F. 


Proof.  By  induction  on  the  derivation  srF,  A  1-  F.  If  F  =  s,-  €  I":  F,  then  put  t  :=!s,- 

and  use  AS.  If  F  =  Dj  €  A,  then  put  t  :=  yj.  If  F  is  an  araom  AO  -  A4,  then  pick  a  fresh 
proof  constant  c  and  put  t  :=  c;  by  R2,  F  c :  F.  Let  F  be  introduced  by  modus  ponens 
from  G  F  and  G.  Then,  by  the  induction  hypothesis,  there  are  proof  polynomials  u{s,  y) 
and  v{s,^  such  that  «:(G  — >  F)  and  v:G  are  both  derivable  in  CP  from  s:T,y:A.  By  A2, 
s:T,y:A  h  («u)  :F,  and  we  put  t  :=  uv.  If  F  is  introduced  by  R2,  then  F  =  c:  A  for  some 
axiom  A.  Use  the  same  R2  followed  by  A 5:  c :  A  ^!c :  c :  A,  to  get  s :  F,  y :  A  hlc :  F,  and  put 
t  :=!c. 

< 

Note  that  if  A  ^£Pq  F,  then  one  can  construct  t{^  which  is  a  product  of  proof  constants  and 
variables  from  y  such  that  y:  A  t(^  :F.  It  is  easy  to  see  from  the  proof  that  the  lifting 
polynomial  t{x,  y)  is  nothing  but  a  blueprint  of  V.  Thus  CP  accommodates  its  own  proofs  as 
terms.  The  necessitation  rule 

h  F  |-  p :  F  for  some  proof  polynomial  p 
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is  a  special  case  of  Lifting.  Note  that  here  p  is  a  blueprint  of  a  proof  of  F  implicitly  mentioned 
in  “1-  F” .  In  particular,  p  is  a  ground  polynomial,  i.e.  it  does  not  contain  variables. 

Logic  of  Proofs  may  be  regarded  as  an  explicit  version  of  the  modal  logic  Not  only 
the  forgetful  projection  of  every  theorem  of  CP  is  provable  in  <S4,  but  every  theorem  F  of  Si 
admits  an  instantiation  of  the  modalities  by  proof  polynomials  such  that  the  resulting  formula 
F'  is  derivable  in  CP  (cf.  [4],  [7]).  The  following  examples  show  how  the  realization  of  in 
CP  works. 

1.5  Example,  ^f- (DAAOB) -4- □(AAB) 

In  CP  the  corresponding  derivation  is 

1.  c:(A->’(JB->AaB)),  by  R2, 

2.  x:A-^{c- x):{B-^AaB),  from  1,  by  A2, 

3.  x'.A-^{y:B-^{c'X  •y):(AAB)),  from  2,  by  A2  and  propositional  logic, 

4.  x:AAy:B  -4  (c •  x  •  y) :(AAB)),  from  3,  by  propositional  logic. 

1.6  Example.  Si  h  (OAVOB)  □(AVB). 

In  CP  the  corresponding  derivation  is 

1 .  Cl  I  (A  — ^  A  V  B) ,  b  t  (B  — ^  A  V  B) ,  by  R2, 

3.  x:A  (o-x):(AVB),  y:B  -»■  (6-y):(AVB),from  1,  by  A2, 

4.  (a-x):(AVB)  -4  (a-x+6-y):(AVB),  (6-y):(AVB)  -4  (a-x+6-y) :(AVB),  by  A4, 

5.  (x:A  Vy:B)  -¥  (a-x+6-y):(AVB),  from  3,  by  propositional  logic. 

1.7  Comment.  Operations  and  “!”  are  present  for  uni-conclusion  as  well  as  multi¬ 
conclusion  proof  systems.  In  turn,  “-j-”  is  an  operation  for  multi-conclusion  proof  systems 
only.  Indeed,  by  A4  we  have  s:F  At:G  -¥  (s+t) ;  F  A  (s+t) :  G,  thus  s  +  t  proves  different 
formulas.  The  differences  between  uni-conclusion  and  multi-conclusion  proof  systems  are 
mostly  cosmetic.  Usual  proof  systems  (Hilbert  or  Gentzen  style)  may  be  considered  as  uni¬ 
conclusion,  e.g.  a  proof  derives  only  the  end  formula  (sequent)  of  a  proof  tree.  On  the  other 
hand,  the  same  systems  may  be  regarded  as  multi-conclusion  by  assuming  that  a  proof  derives 
all  formulas  assigned  to  the  nodes  of  the  proof  tree.  The  logic  of  strictly  uni-conclusion  proof 
systems  was  studied  in  [2],  [3]  and  in  [29],  where  it  meets  a  complete  axiomatization  (system 
PCP).  TCP  is  not  compatible  with  any  modal  logic  (cf.  [7]).  Therefore,  provability  as  a  modal 
operator  corresponds  to  multi-conclusion  proof  systems. 

No  single  operator  “f in  is  a  normal  modality  since  none  of  them  satisfies  the  property 
f :  (P  -4  Q)  -»•  (t :  P  t :  Q).  This  makes  CP  essentially  different  from  numerous  polymodal 
lopes,  e.g.  the  dynamic  lope  of  programs  ([25]),  where  the  modality  is  upgraded  by  some 
additional  features.  In  turn,  in  the  Logic  of  Proofs  the  modality  is  decomposed  into  a  family 
of  proof  polynomials. 
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2  Standard  provability  interpretation  of  CP 

The  Logic  of  Proofs  is  meant  to  play  for  a  notion  of  proof  a  role  similar  to  that  played  by  the 
boolean  propositional  logic  for  the  notion  of  statement.  It  is  shown  in  [4],  [7]  that  CP  enjoys 
the  soundness/completeness  property: 

CP\r  F  ■O  F  is  true  under  any  interpretation  . 

Any  system  of  proofs  with  a  proof  checker  operation  capable  of  internalizing  its  own  proofs  as 
terms  (cf.  [45])  may  be  in  the  scope  of  CP.  In  particular,  any  proof  system  for  the  first  order 
Peano  Arithmetic  PA  (cf.  [10],  [11],  [35],  [46])  provides  a  model  for  CP  with  Godel  numbers 
of  proofs  being  a  instrument  of  internalizing  proofs  as  terms.  The  soundness  (^)  does  not 
necessarily  refer  to  the  arithmetical  models.  However,  PA  is  convenient  for  establishing  the 
completeness  (<=)  of  CP:  pven  CP\/  F  one  can  always  find  a  proof  system  for  PA  along  with 
an  evaluation  of  variables  in  F  which  makes  F  false. 

Within  this  paper  under  Ai  and  Si  we  mean  the  corresponding  classes  of  arithmetical 
predicates.  We  will  use  <p,  tf)  to  denote  arithmetical  formulas,  /,  g,  h  to  denote  arithmetical 
terms,  i,j,k,l,n  to  denote  natural  numbers  unless  stated  otherwise.  We  will  use  the  letters 
tt,  V,  w,  X,  y,  z  to  denote  individual  variables  in  arithmetic  and  hope  that  a  reader  is  able  to 
distinguish  them  from  the  proof  variables.  If  n  is  a  natural  number,  then  n  will  denote  a 
numeral  corresponding  to  n,  i.e.  a  standard  arithmetical  term  O'"'"  where  '  is  a  successor 
functional  symbol  and  the  number  of  '’s  equals  n.  We  will  use  the  simplified  notation  n  for  a 
numeral  n  when  it  is  safe. 

2.1  Definition.  We  assume  that  PA  contains  terms  for  all  primitive  recursive  functions 
(cf.  [46]),  called  primitive  recursive  terms.  Formulas  of  the  form  /(x)  =  0  where  /(x)  is  a 
primitive  recursive  term  are  standard  primitive  recursive  formulas.  A  standard  Si  formula  is 
a  formula  3x(p{x,^  where  (p{x,^  is  a  standard  primitive  recursive  formula.  An  arithmetical 
formula  <p  is  provahly  Ei  if  it  is  provably  equivalent  in  PA  to  a  standard  Ei  formula;  (p  is 
.  provably  Ai  iff  both  (p  and  -t(p  are  provably  Si. 


2.2  Definition.  A  proof  predicate  is  a  provably  Ai-formula  Prf  (x,  y)  such  that  for  every 
arithmetical  sentence  (p 

PAh<p  for  some  n€w  Pr/(n,''<^‘’)  holds. 

A  proof  predicate  Prf(x,y)  is  normal  if  the  following  conditions  are  fulfilled: 

1)  {finiteness  of  proof s)  For  every  proof  k  the  set  T{k)  =  {I  \  Prf{k,l)}  is  finite.  The 
function  from  k  to  the  canonical  number  of  T{k)  is  computable. 
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2)  {conjoinability  of  proofs)  For  any  natural  numbers  k  and  /  there  is  a  natural  number  n 
such  that 

T{k)\JT{l)QT{n). 


2.3  Comment.  Every  multi-conclusion  normal  proof  predicate  can  be  transformed  into  a 
uni-conclusion  one  by  changing  from 

“p  proves  to  “(p,i)  proves  Fi, 

In  turn,  every  uni-conclusion  proof  predicate  may  be  regarded  as  normal  multi-conclusion  by 
reading 


“p  proves  Fi A  ...AFn”  as  “p  proves  each  of  F,  »  =  1, 


2.4  Proposition.  For  every  normal  proof  predicate  Prf  there  are  computable  functions 

a(x,y),  c(x)  such  that  for  all  arithmetical  formulas  (p,  tj)  and  all  natural  numbers  k  n 
the  following  formulas  are  valid:  ’ 

Prf{k,  A  Fr/(n,  Prf{m{k,  n) , 

Prf{k,  ^<p-')-^Prf{a{k,  n),  Prf{n,  ^  Prf{a{k,  n), 

Prf{k,  •’v?-')  -^Fr/(c(A:),  '-Prf{k, 

Proof.  The  following  function  can  be  taken  as  m: 

Given  k,  n  put  m{k,  n)  =  pz^Prf(z,  ’’V’'’)  for  all  V>  such  that  there  are  € 

T{k)  and'-ip-^^T{n)”  . 

Likewise,  for  a  one  could  take 

Given  k,  n  put  a{k,  n)  =  pz  ‘T{k)  U  T{n)  C  T(z) ", 

Finally,  c  may  be  put 

Given  k  put  c{k)  =  pz^Prf{z,  •~Prf{k,  for  all  ^ip->  e  T(ib) "  Such  z  always 

exists.  Indeed,  Prf{k,''(p~')  are  true  Ai  formulas  for  every  e  T(k),  therefore 
they  all  are  provable  in  VA.  Use  conjoinability  to  find  a  uniform  proof  of  all  of 
them. 
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◄ 

Note,  that  the  natural  arithmetical  proof  predicate  PROOF(x,y) 

is  the  code  of  a  derivation  containing  a  formula  with  the  code  j/” . 
is  an  example  of  a  normal  proof  predicate. 

2.5  Definition.  An  arithmetical  interpretation  *  of  the  jCP-language  has  the  following 
parameters: 

•  a  normal  proof  predicate  Pr/with  the  functions  a{x,y),  c{x)  as  in  Proposition 

2.4, 

•  an  evaluation  of  propositional  letters  by  sentences  of  arithmetic,  and 

•  an  evaluation  of  proof  variables  and  proof  constants  by  natural  numbers. 

Let  *  commute  with  boolean  connectives, 

(t-s)*  =  m(f,s*),  (t  +  s)*  =  (!t)*  =  c(f), 

{UPy  =  Prfit^'-F*^). 

Under  an  interpretation  *  a  proof  polynomial  t  becomes  a  natural  number  t*,  an  /!P-formula 
F  becomes  an  arithmetical  sentence  F*.  A  formula  {t:F)*  is  always  provably  Ai.  Note,  that 
VA  (as  well  as  any  theory  containing  certain  finite  set  of  arithmetical  axioms,  e.g.  Robinson’s 
arithmetic)  is  able  to  derive  any  true  Ai  formula,  and  thus  to  derive  a  negation  of  any  false 
Ai  formula  (cf.  [35]).  For  a  set  X  of  jCP-formulas  under  X*  we  mean  the  set  of  all  F*’s 
such  that  F  &  X.  Given  a  constant  specification  CS,  an  arithmetical  interpretation  *  is  a 
CS -interpretation  if  all  formulas  from  CS*  are  true  (equivalently,  are  provable  in  VA).  An 
£P-formula  F  is  valid  (with  respect  to  the  arithmetical  semantics)  if  the  arithmetical  formula 
F*  is  true  under  all  interpretations  *.  F  is  CS-valid  if  F*  is  true  under  all  CS-interpretations 
♦. 

In  Section  3  we  will  need  the  definition  of  *  to  be  extended  to  the  language  with  O.  Then 
we  assume  that  (OF)*  =  3yFr/(y, ’’F*’’). 


2.6  Proposition.  (Arithmetical  soundness  of  CPq) 

1.  If  CPq  F  then  F  is  valid. 

2.  If  CPq  h  F  then  VA  I-  F*  for  any  interpretation  *. 

Proof.  A  straightforward  induction  on  the  derivation  in  CPq.  Let  us  check  2.  for  the  axiom 
t :  F  -¥  F.  Under  an  interpretation  *  {t:F  -¥  F)*  =  Prf(t*yF*'')  F*.  Consider  two 
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possibilities.  Either  Prf{t*,’'F’*~')  is  true,  in  which  case  t*  is  indeed  a  proof  of  F*,  thus 
VAh  F*  and  VA\-  {t:F  F)*.  Otherwise  Prf{t*,  ^F*~')  is  false,  in  which  case  being  a  false 
Ai  formula  it  is  refutable  in  TM,  i.e.  VA I — Frf  {t* F*~*)  and  again  VA  I-  (t:F  F)*. 


2.7  Corollary.  (Arithmetical  soundness  of  jCP) 

1.  IfCPipS)  I-  F  then  F  is  CS-mlid. 

2.  If  CP  ^S)  I-  F  then  VA  h  F*  for  any  CS -interpretation  *. 

3  Functional  completeness  of  proof  polynomials 

In  this  section  we  show  some  sort  of  functional  completeness  for  the  system  of  proof  polyno¬ 
mials  in  CP.  This  provides  one  more  justification  of  the  choice  of  the  basic  set  of  operations 
on  proofs  and  eventually  of  CP  itself,  since  no  closed  subsystem  of  the  set  of  proof 
polynomials  enjoys  this  functional  completeness  property. 

Operations  on  proofs  invariant  with  respect  to  the  choice  of  a  proof  system  naturally  arise 
from  the  notion  of  admissible  rule  in  a  formal  system,  e.g.  arithmetic. 

3.1  Definition.  Let  £  be  a  logical  language  (propositional,  first  order,  modal,  etc.)  with  a 
class  of  its  arithmetical  interpretations  such  that  for  any  interpretation  *  and  any  formula  F 
from  C  an  arithmetical  formula  F*  is  defined.  An  admissible  rule  in  PA  over  £  is  a  figure 

1“  Cl, . . . ,  H  Cn 
hG 

where  Ci, . . . , Cn,  G  are  ^-formulas  such  that  for  every  interpretation  *,  G*  is  provable  in  PA 
whenever  Ci*, . . Cn*  are.  An  admissible  multi-rule  in  PA  is  a  figure 

l-Ci,...,l-Ci^  or  ...  or  1- C^, . . .,1- C*" 

(2) 

such  that  for  every  interpretation  *  G*  is  derivable  in  PA  whenever  for  some  i,  0  <i<n,  all 
(C/)*, . . .,  (Cf')*  are  derivable  in  PA. 

Using  the  modality  □  to  denote  the  provability  in  VA  one  can  present  and  admissible  rule 
(1)  as  the  modal  formula 

oGi  A  0C2  A ...  A  nGn  — ^  ^G 
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and  an  admissible  multi-rule  (2)  as  the  modal  formula 

\//\ac{^aG 

*■  3 

both  true  in  arithmetic  under  every  interpretation.  As  one  can  see,  the  admissible  multi-rules 
rather  then  the  admissible  rules  correspond  the  expressive  power  of  the  modal  provability 
language. 

In  order  to  maintain  a  better  control  over  the  proof  variables  we  will  use  the  language 
of  the  explicit  modal  logic  CP  to  describe  the  proof  arguments  of  the  admissible  multi-rules. 
Indeed,  every  admissible  multi-rule  may  be  regarded  as  an  implicit  specification  of  a  proof  y 
of  G  as  a  function  of  proofs  x^’s  of  Gf ’s. 

3.2  Definition.  Let  C/’s  and  G  be  formulas  in  the  language  of  CP,  An  abstract  operation 
on  proofs  is  a  formula 


\//\xi:C{^nG,  (3) 

»■  3 

that  is  valid  under  all  arithmetical  interpretations. 

Since  (OG)*  =  3yPrf{y,''G*~'),  formula  (3)  is  a  straight  formalization  of  (2)  where  the 
ejdstential  quantifier  over  proofs  in  (OG)*  is  an  implicit  specification  of  a  proof  y  of  G*  as  a 
function  of  xj’s. 

3.3  Example.  Some  examples  of  abstract  operations  on  proofs: 

i)  x:(F— >G)  A  j/:F OG, 

ii)  x:F-^Ox:F, 

in)  x:FAy:G  — )•  □(FaG), 
iu)  x:FVy:G  □(FVG). 

For  each  of  these  examples  there  is  a  proof  polynomial  p  realizing  the  operator  O  in  such  a 
way  that  instantiating  p  inside  □  gives  a  formula  derivable  in  CP: 

t)  £PI-x:(F-fG)Ay:F-4  (x-y):G, 
ii)  CP  h  x:F -¥lx:x:F, 

Hi)  CP  h  x:FAy:G  — »■  t{x,  y) :  (FAG),  (Example  1.5) 
tu)  CP  \-  x:Fyy:G  (ax-l-6y):(FVG).  (Example  1.6) 

The  following  theorem  demonstrates  that  proof  existence  in  any  abstract  operation  on 
proofs  can  be  instantiated  with  a  specific  proof  polynomial. 
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3.4  Theorem.  For  any  abstract  operation  on  proofs 


\//\xi:Ci-^aG 

i  i 

one  can  construct  a  proof  polynomial  p{x)  such  that 

-4 p{x):G. 

i  3 


Proof.  Let  (2)  be  an  abstract  operation  on  proofs,  and  let  us  denote 

\/A4-cl 

»  i 

by  C.  Since  OG  ^  G  is  valid,  the  formula  C  -¥G  is  also  valid.  By  the  completeness  theorem 
for  CP  ([4],[7],[21]),  CP  \-  C  G.  By  Lifting  Lemma  1.4  one  can  construct  a  ground  proof 
polynomial  t  such  that  CP  h  t:{C-^G).  By  A2,  given  a  fresh  variable  y 

£PI-y:C-4(t-y):G.  (4) 

3.5  Lemma.  For  any  formulas  A,B  one  can  construct  a  proof  polynomial  u(x,y)  such  that 


CP  x:AAy:B  -¥  u{x,y):{x  \  AAy.B). 


Proof.  Indeed,  CP  xxA  -4b  :x'.A  and  CP  h  y:B  -4!y :  y :  B,  by  AS.  By  1.5,  one  can 
construct  a  proof  polynomial  t  such  that 

CP  Hx:x:AA\y:y:B  -4  t(!®,  !y):(x:AA  y:B), 


thus 

CP  x\A  A  y:B  -4  t(!x,  !y):(x:AA  y:i3). 

◄ 


3.6  Lemma.  For  all  formulas  A,  B  there  exists  a  proof  polynomial  v{x,  y)  such  that 

CP  x:A\/y:B  -4  v(x,y):(x:AVy:B). 
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Proof.  Again,  CP  f-  a; : A  — f!® : ® : A  and  CP  \-  y:B  -¥\y ’-y-B,  therefore 

CP  h  x:AVy:B  -¥\x:x:A\/\y:y:B. 

Consider  the  Constant  Specification  consisting  of  two  formulas  a:{x:  A -^xiAVyiB)  and 
b:{y:B-¥x:A\/y:B).  By  A2 

CP  \-\x:x:A—^  {a\x):{x:A\/y:B), 

CP  \-ly:y:B  ->  (bly) :  (®  :AVy:B). 

By  A4, 

CP  f-  (a!®):(®:AVt/:-B)  V  (6!t/) : (®:AVy:B)  (a!»  +  6!y):(®:AVy:S), 

therefore 

CP  l-!®:®:AV!y:y:B ->  (a!®  +  6!y) :  (® :AVy:B) 

and 

CP  I-  x’.Ayy.B  — >  (a!®  +  6!y):(®:AVy:jB). 

◄ 


3.7  Lemma.  One  can  construct  a  proof  polynomial  s{x)  such  that 


CP\-C^s{x):C. 


Proof.  A  straightforward  induction  on  the  number  of  the  outer  conjunctions  and  disjunctions 
in  the  formula 

C  =  \//\xi:Ci. 

*  j 

The  base  case  C  =  x:B.  Let  s(®)  be  1®.  By  A5,  CP\-  x:B  -f!® :®  :B,  thus  CP  I-  C-^s{x)  :C. 

There  are  two  cases  in  the  induction  step.  If  C  is  ®  :  A  A  y  :  B,  then  use  3.5.  If  C  is 
x:A\/  y.B,  then  use  3.6. 

◄ 

From  (4),  by  substituting  s(®)  for  y,  we  get 

£P  h  s(®)  :C (t  •  s(®))  :G, 

and  thus,  from  3.7,  we  get  the  desired  CP  C  -¥  (t  •  s(®)) :  G.  This  concludes  the  proof  of 
3.4. 
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◄ 


3.8  Comment.  Whereas  the  realization  of  axlmissible  multi-rules  (2)  requires  all  three 
proof  connectives  *,  1,-1-,  the  realization  of  the  plain  admissible  rules  of  the  form  (1)  does  not 
require 


3.9  Comment.  Modulo  to  renaming  of  the  operations  *, !,  -|-  no  proper  subset  of  the 
set  of  all  proof  polynomials  closed  under  substitution  is  able  to  realize  all  abstract  operations 
on  proofs  in  the  style  of  Theorem  3.4.  Indeed,  examples  3.3 (i)  and  3.3(ii)  specify  some 
operations  similar  to  “application”  and  “proof  checker”  respectively.  By  3.3 (iv),  there  is  a 
proof  polynomial  t{x,y)  in  T  such  that  CP  \-  x\F\l  y'.F  t{x,  y) :  (FVF).  On  the  other 
hand,  for  some  proof  polynomial  p  from  P  CP  p:{F\/F  — >  F).  By  3.3  (i),  there  should  be  a 
proof  polynomial  q{x,y)  from  P,  which  is  the  result  of  the  “application”  of  p  to  t{x,y)  such 
that  CP  I-  t{x,  y) :  (FVF)  q{x,  y) :  F.  Therefore  CP\-x:F\/y:F-¥  q{x,  y) :  F,  and  thus 
q(x,  y)  is  an  operation  in  P  similar  to  “-f-” . 
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